User:Lucas A. Hadjilucas/DiskEncrypt

From OpenWetWare

As many others, I am concerned about the security of the data in my laptop. Even though, it does not contain industrial secrets or credit card numbers, it still stores a great deal of information about me. Emails, browsing history, university documents, family photos. There is tons of information in there, from account activations to payment receipts, home addresses, not to mention an array of password reminders for I often forget them. So if my laptop is stolen and the thief does not necessarily wipe clean my hard disk before selling it online, my data can end up in the wrong hands very quickly.

Encryption ? Why bother (comic courtesy of xkcd.com)

I know I sound like the crypto-nerd on the left :) but I would feel more relaxed carrying around my own digital portfolio knowing that only I would have access to it. For the windows lovers out there (yes I use XP ...) I have subzero trust in the security offered by NTFS and Windows. One would only have to mount the volume as an external drive and with a few know-hows it's easy to access all the folders. Using a dedicated encryption tool also does not mean that your data is 100% secure but its still a better effort than the windows login password.

If you know what you want to encrypt, i.e. a few files or folders, then whole disk encryption would be an overkill. I would instead recommend using an excellent freeware utility called AxCrypt (http://www.axantum.com/AxCrypt/) that allows you to encrypt or securely delete individual files/folders. It consumes barely any resources and integrates very well with Windows XP. If you are unlucky enough to be running Vista then you would be happy to know it does work... although you might get a few errors if you try to install it anywhere other than C: .

Now in my case, as I have lots of data in all kinds of places (outlook archives, broswer cache, documents folder) it is easier to encrypt the whole of my system volume. Whole disk encryption relies on the application of on-the-fly encryption, meaning that a driver is installed at an os level and handles the encryption/decryption of any file requested by the applications. If you have a good processor and use an efficient algorithm, these tools are pretty transparent and do not impede the system performance. The authentication for most of them is at boot level requesting either a keyfile (from a usb stick) or a password which you type in. If you have the correct key/password, then the system proceeds to boot and you will never have to re-authenticate again. In this case, the encrypted volume will be inaccessible if mounted on an external system as all the partition information and files are jumbled up with random data. As my hard disk setup is pretty standard, just a single NTFS partition with Windows XP loaded, it should be relatively easy to install one. If I had a dual boot system with GRUB etc, things would have been a little more complicated.

Microsoft does offer a drive encryption product (the infamous BitLocker) but its only available in the deluxe versions of Vista (Enterprise/Ultimate). Switching to Vista is a no-go as my laptop, a second hand Thinkpad X40, would never handle the resource abuse. Switching to a linux distro is also not viable as a lot of the software I use is windows only unfortunately. Some people might suggest running a virtualised XP session from within linux but with a 1.2GHz processor and 512MB of memory, I don't think that would run very well.

In any case, after a lot of googling and reading, I found plenty of freeware whole disk encryption applications. TrueCrypt and freeOTFE (OTFE stands for On-The-Fly-Encryption) are very popular. If you can spare £120 you can even buy enterprise level protection with PGP Whole Disk Encryption but thats aimed at business professionals rather than university students :) .